You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Hao Hao (JIRA)" <ji...@apache.org> on 2017/05/18 20:18:04 UTC

[jira] [Comment Edited] (KUDU-1875) Refuse unauthenticated connections from publicly routable IP addrs

    [ https://issues.apache.org/jira/browse/KUDU-1875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16016398#comment-16016398 ] 

Hao Hao edited comment on KUDU-1875 at 5/18/17 8:17 PM:
--------------------------------------------------------

Added corresponding documentation to security doc and release notes: https://gerrit.cloudera.org/#/c/6922/


was (Author: hahao):
Added corresponding documentation to security doc and release notes.

> Refuse unauthenticated connections from publicly routable IP addrs
> ------------------------------------------------------------------
>
>                 Key: KUDU-1875
>                 URL: https://issues.apache.org/jira/browse/KUDU-1875
>             Project: Kudu
>          Issue Type: Improvement
>          Components: rpc, security
>    Affects Versions: 1.2.0
>            Reporter: Dan Burkert
>            Assignee: Hao Hao
>
> Kudu should by default not accept unauthenticated connections from publicly routable IPs, even if authentication and encryption are not configured.  An unsafe flag should be provided to enable unauthenticated connections from publicly routable IPs, with appropriately scary verbiage and a link to https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)